Comments on: EFF: vote for easy full-disk encryption in Ubuntu!http://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html
Brain candy for Happy MutantsMon, 15 Sep 2014 23:11:17 +0000hourly1http://wordpress.org/?v=4.2.2By: Michael Smithhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103617
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103617While I might have files which I want to keep really private I think it is a good idea not to give the police the idea I have gigabytes of super sensitive information on my computer. So most of my systems I leave unencrypted. If I had to hide something I would be looking at Steganography.
]]>By: jmtdhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1104659
Wed, 30 Nov -0001 00:00:00 +0000#comment-1104659This is a misleading summary.

As an early Anon says, ecryptfs support for $HOME has been a tickbox away since late 2009.

If you are using alternate CD encryption, you are using dm-crypt/luks. If you are only encrypting $HOME, you can avoid typing your passphrase twice by unlocking on login via libpam-mount.

If you are encrypting more than $HOME, why?

]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103636
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103636Cory: you know you can opt for a keyfile on a microSD card instead of a password, right? That comes at a security cost of course. But the trade of can be reasonable for certain uses, taking into account how small, and easy to hide fairly well, microSD cards are.http://wejn.org/how-to-make-passwordless-cryptsetup.html
]]>By: dalesdhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103409
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103409I tried going down the route of full disk encryption when I upgraded to 10.04. After several failed attempts, it dawned on me that most of the stuff outside of /home is free and open source anyway. So I gave up and just went with encrypted home.

Still, I’d rather have my whole drive as random noise.

]]>By: Matt Khttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103415
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103415It sounds like a great idea, until you realize half the population forgets their password to login. Your mom will be really distressed when she realizes she’s lost all the photos she took of her grandchildren because the disk is encrypted, and there’s npthing anyone can do. Most of the population doesn’t need disk encryption.
]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103171
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103171Fedora has these graphical options built in to it’s default Live CD.
]]>By: jungletekhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103939
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103939Nobody wants your data until they want your data. Your point was?
]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103685
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103685I’d like to point out that eCryptfs is the technology underlying the home directory encryption capability mentioned in comments #7 and #8. It’s an upstream Linux kernel feature originally developed by Michael Halcrow based on Erez Zadoc’s Cryptfs work and now maintained by Tyler Hicks. Dustin Kirkland developed the excellent integration for Ubuntu and additionally made contributions to the eCryptfs project. Note that eCryptfs is _not_ whole-disk encryption but per-file encryption. There are both benefits and risks to the approach.
]]>By: shadowfirebirdhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103175
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103175It depends.

I just moved from my old computer which ran Ubuntu 9.04. I had home directory encryption enabled, and it was a pain in the butt: dropping the loop mount at odd moments, slowing everything down.

For my new computer I’ve stayed well away from that and I’ll just use Truecrypt as and when.

But, that said, if you have a fast computer with a lot of sensitive data, and don’t want the hassle, then it’s a good idea.

]]>By: TokenFrenchDudehttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103181
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103181Yes yes yes !
]]>By: Cory Doctorowhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103183
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103183I’ve had full disk crypto on my home partition for several years now, over several machines and never experienced any slowdowns. Though I must say that it is a PITA to enter a password every time I power up — luckily, I almost never have to reboot.
]]>By: Willie McBridehttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103198
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103198Obligatory XKCD link: http://xkcd.com/538/
]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103205
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103205I can vouch for this!!!
]]>By: CChttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103208
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103208Ubuntu 10.10 offers transparent home partition encryption on installation, slows nothing down (I’m on a netbook), doesn’t appear to eat any battery and is stable and reliable. No command line fiddling.

It’s not full disk but it is easy.

]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1137769
Wed, 30 Nov -0001 00:00:00 +0000#comment-1137769> If you are encrypting more than $HOME, why?

1: corporate requirements. Either you encrypt your Linux box according to their requirements, or you get stuck with their pre-configured and horrid Corporate XP image with the encryption built in.

Home directory encryption through ecryptfs is already a one-click operation at setup time since 9.10 thanks to the work of Dustin Kirkland.
That’s not -exactly- full-disk encryption, but you shouldn’t store personal files outside of ~ , so this implementation is actually an excellent security/performance tradeoff. A possible remaining issues is swap , and for this yes you’d have additional work to do (or just run swapless if you have a decent machine –I do it on my 4GB machine–)

]]>By: classic01http://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103217
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103217Hacking and censure would be gone if PGP email, Disk Encryption, and Thor over SSL would be standard for everyone. As simple as that.
]]>By: boehjhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103220
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103220I’m not so sure this is a good idea. The ‘alternate’ CD is very easy to use and provides (apart from encryption options) a better way to partition your HDDs.

If you can’t manage the ‘alternate’ CD then it could well be that an encrypted /home isn’t what you want or need.

]]>By: Hughhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103224
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103224I haven’t tried it, but I’ve read reports that SSD disks significantly reduce any performance hit that might normally be associated with full-disk encryption. So perhaps it is destined for increased relevance.
]]>By: bardfinnhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103248
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103248Modern hardware (anything that’s been made in the past four years) is capable of supporting on-the-fly disk encryption without a performance hit during non-startup use (After the authentication and decryption, a fallthrough matrix is set up that is supported by the hardware, and the process is then pipelined so that it is not interruptable by such things as drawing a window on the screen, and is very much a straightforward bit-shift operation.)

The utility of including full-disk encryption on the default LiveCD would be to secure one’s operating system from being tampered with (a worthy aim), and to secure what operating system is installed / what operating system additions and modifications exist on the system (which could tip off oppressive regimes, causing them to flag someone for “interrogation” – file access datestamps and intellectual property only available in certain places, not protected by home directory encryption).

The upside is, that the more people who have encryption, use encryption, and refuse to give out passwords, the more accepted it will be to have a device that is not auditable by a third party (PRIVACY!).

The downside is, for Ubuntu, that if they make it straightforward and simple for someone to pick full-disk encryption and the particular machine’s hardware doesn’t support the pipelining that makes encryption a non-issue for modern hardware, then their machine’s performance is going to take a significant hit, and the person will come away from their first use of Ubuntu thinking it’s far sub-standard (because the encryption is transparent to the end-user, it is unfortunately very transparent to the end-user).

]]>By: Jonathan Fredericksonhttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103249
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103249Maybe, but making it easier for the average user would help spread awareness. Data privacy doesn’t have to be exclusive to the paranoid. That said, it would then be necessary to warn users that they would not be able to recover their data if something goes horribly wrong… I could see people complaining about that.

On another note, the Fedora 15 beta already offers this. Not sure about previous versions.

]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103254
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103254I tried to vote but you have to be registered…

I’m not going through that much work!

]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103259
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103259I believe that is what the EFF is trying to address.

EFF seems to have set themselves up a straw man here, given that homedir encryption is already imminently possible. This data ought all be stored in your home dir, at least for Firefox & Chrome. Shame on EFF for FUD’ing this issue up.

]]>By: Anonymoushttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103827
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103827I can’t imagine what practical scenario would possess someone to use a livecd in this way, but whatever.

It’s open source and all the tools are readily available. Do it yourself. And if “command line fiddling” is beyond your technical abilities, you shouldn’t be encrypting your filesystem. You’re Gonna Have a Bad Time.

I’m all for encryption mechanisms to protect data and would LOVE it if more people took privacy more seriously, but the reality is this: chances are, no one wants your data.

]]>By: Gordon JC Pearcehttp://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html#comment-1103591
Wed, 30 Nov -0001 00:00:00 +0000#comment-1103591I can’t see myself ever wanting to use full disk encryption, or even home directory encryption. Disks are already too slow. Why would I make them even slower?
]]>